Re: [LARTC] Ethernet bridge overflow ?
Sébastien CRAMATTE wrote: Hello, I've setuped an ethernet bridge on a debian sarge 3.1 with l7-filter + ipp2 shapper rules The server is a supermicro p4sci + celeron pentium 4 base 3ghz + 512Mb + 2 ethernet e1000 One interface is connected to a cisco catalyst switch The other interface is connected directly to a CMTS (a sort of router for cable modem) configured as bridge too. More than 20Mbps of bandwith cross this bridge. Most of this traffic is p2p (~80%) When traffic goes over 14Mbps the bridge seems to saturate (overflow ? ) and start to make colision and loose packets I've take a look to this paper http://facweb.cti.depaul.edu/jyu/Publications/Yu-Linux-TSM2004.pdf And with a duron 1,3Ghz+512 mbps he obtain these values Input Rate 28,444,444 (bps) Latency29 (us) Throughput 28,000,000 (bps) Linux CPU 77% Occupancy A duron 1,3 is less powered than a celeron p4 3 ... So I don't understand why I've got this problem :( When I make a top or uptime all seems that works well ... I've got rrdtool graphs that check cpu and load and seems normal too ... Does someone have got somes ideas ? Any clue or tips to isolate/resolve the problem are welcome Regards ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc The problem you have is caused by L7-filter There is a performance problem with this filter . ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
[LARTC] Multiple uplinks, ssh connections hang
Folks, Ive got two ISP connections that I am using with: --- ip route add 192.168.200.0/24 dev eth2 src 192.168.200.11 table connection1 ip route add default via 192.168.200.1 table connection1 ip route add x.175.244.0/24 dev eth1 src x.175.244.2 table connection2 ip route add default via x.175.244.1 table connection2 ip rule add from 192.168.200.11 table connection1 ip rule add from x.175.244.2 table connection2 echo Enabling load balancing between ISP connections... ip route add default scope global nexthop via 192.168.200.1 dev eth2 weight 1 nexthop via x.175.244.1 dev eth1 weight 1 iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to x.175.244.2 iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 192.168.200.11 --- The 192.168.200.x (lan) network gets to the internet via another gateway (192.168.200.1). Client machines on the 200.x network work ok except for ssh connections to machines on the internet hanging. It asks for a password and hangs. Any ideas? Thanks Korey ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Multiple uplinks, ssh connections hang
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hello there, : The 192.168.200.x (lan) network gets to the internet via another : gateway (192.168.200.1). Client machines on the 200.x network : work ok except for ssh connections to machines on the internet : hanging. It asks for a password and hangs. Any ideas? Thanks Yes. Vincent Jaussaud had a very similar problem (though much larger than yours) several years ago [0]. If you run tcpdump on the client and watch for the ToS to change (just after authentication), it should become very clear what is happening. You must remember that the the tuple on which a route is selected includes the ToS. So, after you have tried to connect to the ssh server in the public Internet from the inside (watching with tcpdump, of course), run ip route show cache $DEST_IP and compare the set of results. If that's at all unclear, maybe this will also help [1]. Good luck, - -Martin [0] http://mailman.ds9a.nl/pipermail/lartc/2002q4/005653.html [1] http://linux-ip.net/html/routing-selection.html#tb-routing-selection-adv - -- Martin A. Brown http://linux-ip.net/ -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.2 (GNU/Linux) Comment: pgf-0.72 (http://linux-ip.net/sw/pine-gpg-filter/) iD8DBQFF42TLHEoZD1iZ+YcRAlZqAKCrpGmNKdyCUUwExGW2MWLUQqMzzwCgiKY6 czRMryHmcM9HBGdKkFfWUgg= =Pgu8 -END PGP SIGNATURE- ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Multiple uplinks, ssh connections hang
From: Korey O'Dell [EMAIL PROTECTED] The 192.168.200.x (lan) network gets to the internet via another gateway (192.168.200.1). Client machines on the 200.x network work ok except for ssh connections to machines on the internet hanging. It asks for a password and hangs. Any ideas? Thanks Korey SSH is a good test of whether you have set up your multiple uplinks correctly. You need CONNMARK, so that once a session is established with one uplink, it continues to stay with the same uplink. SSH does not like it if you change uplink in the middle of one session. Cheers. ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] Multiple uplinks, ssh connections hang
Hello korey, I don't think your configuration will work well, because there're balancing using weight connection. So, if you have connection-oriented-application that must sure passing their traffic only from one connection (such as ssh and https-please try to test open and login to hotmail.com), it will fail when the default routing switch from one gateway to another (round robin). Dont use this config for connection-oriented application. it's round robin rule, that will switch from one gateway to another without notice/know about traffic type. ip route add default scope global nexthop via 192.168.200.1 dev eth2 weight 1 nexthop via x.175.244.1 dev eth1 weight 1 please refer to this documentation howto develop multpile internet connection gateway. http://linux-ip.net/html/adv-multi-internet.html Best Regards, Denny Z On 2/27/07, Korey O'Dell [EMAIL PROTECTED] wrote: Folks, Ive got two ISP connections that I am using with: --- ip route add 192.168.200.0/24 dev eth2 src 192.168.200.11 table connection1 ip route add default via 192.168.200.1 table connection1 ip route add x.175.244.0/24 dev eth1 src x.175.244.2 table connection2 ip route add default via x.175.244.1 table connection2 ip rule add from 192.168.200.11 table connection1 ip rule add from x.175.244.2 table connection2 echo Enabling load balancing between ISP connections... ip route add default scope global nexthop via 192.168.200.1 dev eth2 weight 1 nexthop via x.175.244.1 dev eth1 weight 1 iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to x.175.244.2 iptables -t nat -A POSTROUTING -o eth2 -j SNAT --to 192.168.200.11 ___ LARTC mailing list LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
